shodan.io login

1. # -*- coding: utf-8 -*-
2. # shodan.io login by mrkx
3. # you may change the code make it into cracker
4. #
5. #
6. import requests,urllib2,subprocess
7.  
8. account_link = 'https://account.shodan.io'
9. login_path   = '/login'
10. home_link    = "https://www.shodan.io/"
11. username = ""
12. password = ""
13. s = requests.Session()
14. headers = {
15. 'Host':'account.shodan.io',
16. 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
17. 'Accept-Encoding': 'gzip, deflate',
18. 'Accept-Language': 'en-US,en;q=0.9',
19. 'Dnt': '1',
20. 'Upgrade-Insecure-Requests': '1',
21. 'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54'
22. }
23. a = s.get(account_link+login_path,headers=headers)
24. header_1 = a.headers
25. data = a.text.split("\n") #.encode('utf-8').decode('zlib_codec','strict')
26. csrf_token = ""
27. for i in data:
28.     if 'name="csrf_token"' in i:
29.         csrf_token= i.replace('<input type="hidden" name="csrf_token" value="','').replace('" />','')
30. gcookie = header_1['Set-Cookie'].split(" ")
31. cookie_jar = {}
32. for i in gcookie:
33.     if "__cfduid=" in i:
34.         cookie_jar["__cfduid="] = i.replace(";","")
35.     elif "session=" in i:
36.         cookie_jar["session="] = i.replace(";","")
37. login_form_data = 'username=%s&password=%s'%(username,password)+'&grant_type=password&continue=https%3A%2F%2Fwww.shodan.io%2F&csrf_token='+csrf_token+'&login_submit=Login'
38. login_headers = {
39. 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
40. 'Accept-Encoding': 'gzip, deflate',
41. 'Accept-Language': 'en-US,en;q=0.9',
42. 'Cache-Control': 'max-age=0',
43. 'Content-Length': '%s'%(len(login_form_data)),
44. 'Content-Type': 'application/x-www-form-urlencoded',
45. 'Cookie': '%s; %s'%(cookie_jar["__cfduid="],cookie_jar["session="]),
46. 'Dnt': '1',
47. 'Origin': 'https://account.shodan.io',
48. 'Referer': 'https://account.shodan.io/login',
49. 'Upgrade-Insecure-Requests': '1',
50. 'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54'
51. }
52. a = s.post(account_link+login_path,headers=login_headers,data=login_form_data)
53. print a.headers
54. data_login1= a.text
55. if "api-key-content" in data_login1:
56.     print "[*] login as: %s"%(username)
57.     for i in data_login1.split("\n"):
58.         if '<li id="api-key-content" style="display:none">' in i:
59.             print "[*] %s"%(i.replace('<li id="api-key-content" style="display:none">','').replace('</li>',''))